agentic-jumpstart-security

SKILL.md

Security Guidelines for Jarvy CLI

This skill provides comprehensive security guidelines for developing and maintaining the Jarvy CLI codebase. Jarvy is a cross-platform tool that provisions development environments by executing package manager commands (brew, apt, dnf, winget, etc.) with potential privilege escalation.

Threat Model Overview

Jarvy operates in a high-risk security context:

  1. Command Execution: Executes external binaries (package managers, shells) with user-supplied data
  2. Privilege Escalation: Uses sudo on POSIX systems for package installation
  3. Configuration Parsing: Reads TOML files from user-specified paths
  4. Network Requests: Makes HTTP requests to PostHog and OTLP endpoints
  5. Telemetry Collection: Gathers machine fingerprints and usage data
  6. Shell Script Execution: Downloads and executes installer scripts (rustup, nvm)
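
An added example for items 1 and 2 of the threat model above (not taken from the Jarvy code base or its SKILL.md): package names read from configuration are validated against a conservative pattern and handed to the package manager as an argument vector, never as a shell string. The function name, the manager table, the name pattern and the use of Python are assumptions made for illustration.

```python
import re

# Assumed table: manager name -> (base argv, needs root).
# The managers are ones the page names; the exact flags are illustrative.
MANAGERS = {
    "brew": (["brew", "install"], False),
    "apt": (["apt-get", "install", "-y"], True),
    "dnf": (["dnf", "install", "-y"], True),
}

# Assumed package-name grammar. The first character must be alphanumeric,
# so a value can never be parsed as an option (e.g. "--config=/tmp/x").
# Shell metacharacters, whitespace and newlines are outside the class.
PACKAGE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9+._@-]{0,127}")


def build_install_argv(manager, packages):
    """Return an argv list suitable for subprocess.run(argv, shell=False).

    Raises ValueError instead of trying to "clean" a bad value: a rejected
    name is a signal that the configuration file should be inspected.
    """
    if manager not in MANAGERS:
        raise ValueError(f"unsupported package manager: {manager!r}")
    if not packages:
        raise ValueError("no packages requested")
    for name in packages:
        if not isinstance(name, str) or not PACKAGE_RE.fullmatch(name):
            raise ValueError(f"rejected package name: {name!r}")
    base, needs_root = MANAGERS[manager]
    # "--" stops sudo from treating anything after it as its own option.
    prefix = ["sudo", "--"] if needs_root else []
    return prefix + base + list(packages)


if __name__ == "__main__":
    # Constructed sample values, as they might arrive from a TOML file.
    for pkgs in (["git", "g++"], ["git; id"], ["--config=/tmp/x"]):
        try:
            print(build_install_argv("apt", pkgs))
        except ValueError as err:
            print("blocked:", err)
```

Because the result is a list, each package name reaches the package manager as exactly one argument, including under sudo.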

1. Command Injection Prevention

Installs: 2
First Seen: Mar 21, 2026